I am generating an Excel file to which I have to add a sensitivity label, and for that, I am using Microsoft Information Protection SDK version 1.15.86.
In the MIP SDK setup, we have to implement the IAuthDelegate to acquire a token. For this, I am following the code example found in the given link below:
IAuthDelegate implementation link: https://learn.microsoft.com/en-us/information-protection/develop/quick-app-initialization-csharp#implement-an-authentication-delegate
When I was doing a proof of concept, I was able to add the sensitivity label in the Excel file using the auth token from my web app, which I injected into the AcquireToken method of the IAuthDelegate. Here's the code for the same:
using System;
using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL
using Microsoft.InformationProtection;

public string AcquireToken(Identity identity, string authority, string resource, string claims)
{
    // On-behalf-of exchange: trade the web app's user token for a token to the MIP resource.
    var userAssertion = new UserAssertion(_authToken, "urn:ietf:params:oauth:grant-type:jwt-bearer", _currentUser);
    var authContext = new AuthenticationContext(authority, new TokenCache());
    var clientCredential = new ClientCredential(_applicationClientId, Environment.GetEnvironmentVariable("ClientSecret"));
    var result = authContext.AcquireTokenAsync(resource, clientCredential, userAssertion).Result;
    return result.AccessToken;
}
The _authToken is the hardcoded token from the web, _currentUser is the userPrincipalName (emailId) of the user.
The issue here is that the code to generate the Excel file will be called by a function app, so the above code becomes obsolete as I cannot pass hard-coded tokens.
From the above link I referenced the code, and it shows an authentication prompt, which I cannot show as the code will be executed by the function app.
I tried the client_credential flow, but it gave me the following exception:
The service didn’t accept the auth token. Challenge: [‘’] HttpRequest.Id={some-id}, CorrelationId=some-id, CorrelationId.Description=PolicyProfile
Is there a way to generate the token in the IAuthDelegate without showing the prompt? Or is there any setting in Azure that we need to configure to incorporate this?
Since I was able to set the sensitivity label in my proof of concept, I am assuming all the Azure settings for the MIP SDK are done right, as I am able to get the sensitivity label list and able to set them, but how do I get past this scenario of the function app?
Please suggest. Thank you.
For my case, when the user triggers the Excel generation from the UI, we temporarily save the OAuth token in the queue; when the queue is read, the auth token is passed and later used by the MIP SDK for a successful authentication. We went with this approach as once the message is read from the queue it's gone, so there's no storage, and it worked well for our use case.
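An added example (not the poster's code) of an IAuthDelegate for the approach above: the function app reads the user's token from the queue message and exchanges it on behalf of the user without a prompt, here with MSAL.NET instead of the ADAL calls in the question. The class name QueueAuthDelegate and its constructor parameters are hypothetical, and the code assumes the authority MIP passes in is tenant-specific.

```csharp
// Added example. QueueAuthDelegate and its constructor parameters are hypothetical;
// the MSAL.NET, System.IdentityModel.Tokens.Jwt and MIP SDK types are the real ones.
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.Identity.Client;
using Microsoft.InformationProtection;

public sealed class QueueAuthDelegate : IAuthDelegate
{
    private readonly string _clientId;
    private readonly string _userToken; // user access token read from the queue message

    public QueueAuthDelegate(string clientId, string userTokenFromQueue)
    {
        _clientId = clientId;
        _userToken = userTokenFromQueue;
    }

    public string AcquireToken(Identity identity, string authority, string resource, string claims)
    {
        // The message may have waited in the queue, so fail early on an expired token.
        // This only reads the exp claim; the token endpoint validates the assertion itself.
        var expiresUtc = new JwtSecurityTokenHandler().ReadJwtToken(_userToken).ValidTo;
        if (expiresUtc <= DateTime.UtcNow)
            throw new InvalidOperationException("Queued user token has expired.");

        // MIP passes a resource URL; MSAL expects a scope, so append ".default".
        var scope = resource.EndsWith("/") ? resource + ".default" : resource + "/.default";

        var app = ConfidentialClientApplicationBuilder.Create(_clientId)
            .WithClientSecret(Environment.GetEnvironmentVariable("ClientSecret"))
            .WithAuthority(authority) // assumption: tenant-specific authority
            .Build();

        // On-behalf-of exchange: no prompt, and the result still represents the user.
        var result = app.AcquireTokenOnBehalfOf(new[] { scope }, new UserAssertion(_userToken))
            .ExecuteAsync().GetAwaiter().GetResult();
        return result.AccessToken;
    }
}
```

Because the queue message carries a bearer token, access to the queue should be restricted to the web app and the function app, and the message should have a time-to-live no longer than the token's lifetime.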